From d87020f0ca6897fbc1ba815fc1d9d048795e8749 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Sun, 19 Oct 2025 02:39:23 +0900 Subject: [PATCH] hst/config: validate env early This should happen in hst since it requires no system state. Signed-off-by: Ophestra --- hst/config.go | 12 ++++++++++++ hst/config_test.go | 14 ++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/hst/config.go b/hst/config.go index 1b07755..8a96605 100644 --- a/hst/config.go +++ b/hst/config.go @@ -3,6 +3,7 @@ package hst import ( "errors" "strconv" + "strings" "hakurei.app/container/check" ) @@ -45,6 +46,9 @@ var ( // ErrIdentityBounds is returned by [Config.Validate] for an out of bounds [Config.Identity] value. ErrIdentityBounds = errors.New("identity out of bounds") + + // ErrEnviron is returned by [Config.Validate] if an environment variable name contains '=' or NUL. + ErrEnviron = errors.New("invalid environment variable name") ) // Validate checks [Config] and returns [AppError] if an invalid value is encountered. @@ -83,6 +87,14 @@ func (config *Config) Validate() error { return &AppError{Step: "validate configuration", Err: ErrConfigNull, Msg: "container configuration missing path to initial program"} } + + for key := range config.Container.Env { + if strings.IndexByte(key, '=') != -1 || strings.IndexByte(key, 0) != -1 { + return &AppError{Step: "validate configuration", Err: ErrEnviron, + Msg: "invalid environment variable " + strconv.Quote(key)} + } + } + return nil } diff --git a/hst/config_test.go b/hst/config_test.go index f3690eb..6bc878a 100644 --- a/hst/config_test.go +++ b/hst/config_test.go @@ -39,6 +39,20 @@ func TestConfigValidate(t *testing.T) { Shell: fhs.AbsTmp, }}, &hst.AppError{Step: "validate configuration", Err: hst.ErrConfigNull, Msg: "container configuration missing path to initial program"}}, + {"env equals", &hst.Config{Container: &hst.ContainerConfig{ + Home: fhs.AbsTmp, + Shell: fhs.AbsTmp, + Path: fhs.AbsTmp, + Env: map[string]string{"TERM=": ""}, + }}, &hst.AppError{Step: "validate configuration", Err: hst.ErrEnviron, + Msg: `invalid environment variable "TERM="`}}, + {"env NUL", &hst.Config{Container: &hst.ContainerConfig{ + Home: fhs.AbsTmp, + Shell: fhs.AbsTmp, + Path: fhs.AbsTmp, + Env: map[string]string{"TERM\x00": ""}, + }}, &hst.AppError{Step: "validate configuration", Err: hst.ErrEnviron, + Msg: `invalid environment variable "TERM\x00"`}}, {"valid", &hst.Config{Container: &hst.ContainerConfig{ Home: fhs.AbsTmp, Shell: fhs.AbsTmp,